Worm Munches Away at Critical Windows Flaw
Article by George Norman
On 04 Nov 2008
The saga of the MS08-67 security flaw that affects Windows XP, Vista, Windows 2000, Server 2003 and Server 2008 continues. First there was the out-of-date patch released by Microsoft late October, which caught everyone’s eye because Microsoft rarely breaks the update cycle it has in place, unless the problem is big, it affects a fundamental part of the Windows OS, and is exploitable. After the patch was released, a round of explanations ensued, since everyone was intrigued and wanted to find out more about the flaw. The next chapter in this saga was releasing an exploit in the wild such as the Milw0rm and Metasploit ones.

Just as the security experts were expecting, a worm that takes advantage of unpatched, vulnerable Windows-based systems has been detected in the wild. A notice caught my eye the other day - it seems that F-Secure, company that specializes in providing antivirus software solutions and internet security, has detected a worm loose on the net that it is capable of exploiting the MS08-67 vulnerability.


“The exploit payload downloads a dropper that we detect as Trojan-Dropper.Win32.Agent.yhi. The dropped components include a kernel mode DDOS-bot that currently has a selection of Chinese targets in its configuration. The worm component is detected as Exploit.Win32.MS08-067.g and the kernel component as Rootkit.Win32.KernelBot.dg.” says F-Secure.

Symantec, company best known for its Norton Internet Security and Norton 360 security software, also detected a worm that exploits MS08-67 and has called it “Wecorl”. Once the worm infects a system it attempts to download software to that machine (which is most likely malware) and then tries to connect with other machines on the local subnet.

The worm affects only Windows 2000, XP, and Server 2003 – for these operating systems the MS08-67 flaw was deemed critical. Windows Vista and Server 2008, for whom the flaw is only “important”, are currently safe from the worm menace, but who is to say if that will remain so. The best course of action is to patch your Windows OS and update your antivirus software.

Tags: Microsoft, Windows, MS08-67
About the author: George Norman
George is a news editor.
You can follow him on Google+, Facebook or Twitter

I Hope you LIKE this blog post! Thank you!
What do YOU have to say about this
blog comments powered by Disqus
Popular News
By George Norman on 29 Mar 2017
What should you do when you have 5, 10, 15, or 30 minutes for a break? If you're drawing a blank and can't think of anything, come check out these 16 useful ideas.
By George Norman on 29 Mar 2017
The 8 games that are part of the Hooked on Multiplayer Humble Bundle come shy of a hundred dollars. But you can get them for a fraction of that cost, just $10.
Related News
By George Norman on 22 Mar 2017
Buying a new computer is no easy thing. It is a big investment and a big decision that you shouldn’t just rush into. That’s why you have to mull things over and ask yourself a few very important questions.
By George Norman on 07 Oct 2016
Right out of the box, BitTorrent offers a pretty enjoyable user experience. There’s room for improvement though, and all you have to do is turn off a few settings that are enabled by default.
By George Norman on 20 Mar 2017
Google Chrome, the web browser that has more than 1 billion users and loads more than 771 billion pages each month, is best known for its minimal interface, lightning fast speed, and wealth of settings. Hidden among them are...
By George Norman on 10 Nov 2016
Want to experience exciting tank battles on your PC or Mac and go against players who take to the battlefield on phones and tablets? Now you can!
Sponsored Links
Hot Software Updates
Top Downloads
Become A Fan!
Link To Us!
Worm Munches Away at Critical Windows Flaw
HTML Linking Code